Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5017 to
the following vulnerability:

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8
encoding, which makes it easier for remote attackers to bypass cross-site
scripting (XSS) protection mechanisms via a crafted string, a different
vulnerability than CVE-2010-1210.

Reference public PoC:

This issue did NOT affect the versions of the firefox package, as shipped
with Red Hat Enterprise Linux 4, 5, or 6 (particular versions already
contain a fix for this issue).

This issue affects the latest version of the firefox package, as shipped
with Fedora release 12.

This issue does NOT affect the version of the firefox package, as shipped
with Fedora releases 13 and 14 (current latest versions already contain
a fix for this issue).
Created firefox tracking bugs for this issue
Affects: fedora-12 [bug 656306]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
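
The overlong UTF-8 handling named in the CVE description can be checked for on the defensive side by rejecting any sequence that is not in shortest form. The following is an added example, not code from Firefox, Red Hat, or the referenced PoC; the function names and the sample byte strings are constructed for illustration.

```python
# Added example: flag overlong (non-shortest-form) UTF-8 sequences in a byte string.
# Smallest code point that legitimately needs a sequence of each length.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}

def seq_len(lead):
    """Sequence length implied by a lead byte, or 0 if it is not a lead byte."""
    if lead < 0x80:
        return 1
    if 0xC0 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF7:
        return 4
    return 0  # continuation byte or invalid lead (0xF8-0xFF)

def find_overlong(data):
    """Return (offset, raw_bytes, code_point) for every overlong sequence."""
    hits, i = [], 0
    while i < len(data):
        n = seq_len(data[i])
        if n <= 1:
            i += 1
            continue
        tail = data[i + 1:i + n]
        if len(tail) != n - 1 or any((b & 0xC0) != 0x80 for b in tail):
            i += 1  # truncated or malformed, which is a different error class
            continue
        cp = data[i] & (0xFF >> (n + 1))  # payload bits of the lead byte
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if cp < MIN_CP[n]:  # value would have fit in a shorter sequence
            hits.append((i, data[i:i + n], cp))
        i += n
    return hits

def is_strict_utf8(data):
    """True only if the bytes are well-formed, shortest-form UTF-8."""
    try:
        data.decode("utf-8")  # Python's decoder rejects overlong forms
        return True
    except UnicodeDecodeError:
        return False

# Constructed samples: "<" as plain ASCII, then as 2- and 3-byte overlong forms,
# then a legitimate 2-byte character that must not be flagged.
SAMPLES = [b"a<b", b"a\xc0\xbcb", b"a\xe0\x80\xbcb", "caf\u00e9".encode("utf-8")]
```

A filter that inspects raw bytes and a decoder that accepts overlong forms disagree about what the second and third samples contain, so input should be validated as strict UTF-8 before any filtering is applied.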